[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Using domain whois information for fun and profit
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Using domain whois information for fun and profit
- From: Joachim Schipper <j.schipper@xxxxxxxxxx>
- Date: Mon, 27 Feb 2006 22:06:06 +0100
On Mon, Feb 27, 2006 at 02:41:17PM -0600, Response Team wrote:
> The whois information for this domain contains a <script> tag. This means if
> you are to view the whois information on any HTML based page, the script is
> executed.
>
> Registrant:
> DOMIBOT (CAREFREETRAVELMN-COM-DOM)
> Avenida Caroni 5478
> Colinas Monte, Caracas
> Venezuela
> +1.2085751538
> <script>open('http://CAREFREETRAVELMN.COM');</script>
> +1.2085751538
> domains@xxxxxxxxxxx
>
> Domain Name: CAREFREETRAVELMN.COM
> Status: PROTECTED
>
> A google search for HTML based Whois pages turned up: http://
> networking.ringofsaturn.com/Tools/whois.php
> If you do a whois on carefreetravelmn.com, you get a popup window.
>
> Should internic allow <tags> to be used in domain registration contact info?
Why not? It's not like it's internic's problem that some
people/programmers do stupid things.
Blacklists wouldn't work anyway, and it's, again, not internic's fault
or problem.
And there is no reason to use a web-based client when all serious
networking operating systems come with a whois client supplied (or at
least very, very easily installed).
Joachim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/